Abstract

This study proposes a quantum secret authentication code for protecting the
integrity of secret quantum states. Since BB84 was first proposed, the eavesdropper
detection strategy in almost all quantum cryptographic protocols has been based on
the random sample discussion, in which the probability of eavesdropper detection
depends on the number of check qubits eavesdropped by the eavesdropper. Hence, if
the eavesdropper interferes with only a few qubits of the transmitted quantum
sequence, then the detection probability will be very low. This study attempts to
propose a quantum secret authentication code to solve this problem. With the use of
the quantum secret authentication code, not only is the probability of eavesdropper
detection guaranteed to be evenly distributed no matter how many qubits have been
eavesdropped, but the quantum transmission efficiency is also highly enhanced.
1 Introduction

In 1984, BB84, the first quantum cryptographic protocol, was proposed. For the next
decade, the eavesdropper detection strategy for almost all quantum cryptographic
protocols, following the idea of BB84, was based on the random sample discussion. In
this eavesdropper detection method, the check qubits are independent of the message
qubits. By scrambling the message qubits together with the check qubits, the strategy
assumes that an eavesdropper has no way of discriminating a check qubit from a
message qubit. An attempt to eavesdrop the qubit sequence by an outsider would only
end up disturbing the check qubit states. The only chance for eavesdropper detection
is when the check qubits are altered "inadvertently" by the eavesdropper. Hence, the
more check qubits altered by an eavesdropper, the higher the probability that he/she
is detected.

In order to increase the detection probability, the number of check qubits should be
large enough, because the eavesdropper detection probability for interfering with one
check qubit is

$$\frac{\text{number of check qubits}}{\text{total number of qubits}} \times \frac{1}{4},$$

where $\frac{\text{number of check qubits}}{\text{total number of qubits}}$ represents
the probability of the eavesdropper choosing a check qubit, and $\frac{1}{4}$ is the
probability that the measurement result of that check qubit is different from what
was expected due to the interference of that eavesdropper. Most protocols suggest
that the number of check qubits should be at least the same as that of the message
qubits transmitted.

However, there is a problem with the random sampling discussion strategy, especially
when an eavesdropper attempts to eavesdrop only a few qubits in the transmitted
quantum sequence. In this situation, some information might be revealed, and the
integrity of the message qubits might be jeopardized, but the eavesdropper detection
probability could still be very low. Most quantum cryptographic protocols ignore this
problem and instead assume that the eavesdropper always attempts to eavesdrop the
entire sequence of qubits. Consequently, they assert the conclusion that the
probability of eavesdropper detection can reach 1.

This paper aims to design a quantum secret authentication code (QSAC) to solve the
above-mentioned problem. This QSAC guarantees the integrity of the secret qubits
transmitted from a sender to a receiver. Furthermore, the intentionally designed
avalanche effect guarantees the detection of eavesdropping on even a single qubit in
the quantum sequence.

The rest of this paper is organized as follows. Section 2 presents the proposed
quantum secret authentication code and the security analysis. Section 3 gives an
application of the proposed QSAC. Finally, conclusions are made in Section 4.

2 Quantum secret authentication code 

In this section, a quantum secret authentication code (QSAC) is proposed for a receiver to 
verify whether or not the received states are indeed from the alleged sender and without 
being eavesdropped or modified. 

2.1 Notations 

$K$ the pre-shared key between the sender and the receiver.

$\|$ concatenation.

$|M\rangle^i$ the $i$-th qubit in the quantum sequence $M$.

CNOT(a,b) Control-Not gate, where a is the control qubit and b is the target qubit. If
a = b, then it performs the identity operation $I$.

2.2 The avalanche effect 

A CNOT gate is applied here to create an avalanche effect in the QSAC. Figure 1
demonstrates an avalanche effect of the QSAC. Assume that there is a function $F$
with a sequence of quantum states as the input and a sequence of entangled qubits as
the output. The function is composed of a sequence of CNOT operations. For example,
let the input of the function be a three-qubit quantum state $|\psi\rangle_{123}$ and
the output, $CNOT(q_1,q_2)\,CNOT(q_2,q_3)\,CNOT(q_3,q_1)\,|\psi\rangle$. Conversely,
the inverse function $F^{-1}$ should be
$CNOT(q_3,q_1)\,CNOT(q_2,q_3)\,CNOT(q_1,q_2)\,|\psi\rangle$. An avalanche effect is
described under a communication model between a sender and a receiver. First, the
sender inputs the state, $|000\rangle$ for example, to the function $F$ and
subsequently, $F$ outputs the state $|000\rangle$. Then the sender sends the qubits
$|000\rangle$ to the receiver via a quantum channel. During the time of transmission,
if there is no eavesdropper, then the same state $|000\rangle$ will be received and
recovered by the receiver, i.e., $|000\rangle \to F^{-1} \to |000\rangle$. Conversely,
assume the last qubit is altered by an outsider, i.e., the state received by the
receiver becomes $|001\rangle$. Consequently, the receiver inputs the received state
$|001\rangle$ to $F^{-1}$, the inversion of the function $F$. The state that the
receiver finally recovers is $|110\rangle$. Obviously, one single qubit modification
eventually causes more than one qubit to change.



[Figure 1: The avalanche effect of the QSAC. Diagram labels: SENDER (message, key,
check qubits, QSAC algorithm, QSAC); RECEIVER (QSAC, key, verification algorithm,
check qubits; yes: pass, no: fail).]



2.3 The proposed QSAC 

Based on the technique described in Sec. 2.2, this section proposes a QSAC design
that marries a pre-shared key, $K$, between a sender and a receiver to the message
qubits, $|M\rangle$, to be transmitted from the sender to the receiver via a sequence
of CNOT operations, in such a way that interference with only a few of the
transmitted qubits by an outsider who does not know $K$ would cause an avalanche
effect on the qubits recovered by the receiver.

Figure 2 shows the procedure of the QSAC. The sender first inputs the message qubits,
$|M\rangle$, and the shared key, $K$, to the QSAC algorithm. The QSAC algorithm
generates check qubits from $K$ and outputs a QSAC codeword which strongly entangles
the message qubits and the check qubits. Then, the sender sends the QSAC codeword to
the receiver. For verification, the receiver inputs the received codeword and the
shared key $K$ to the verification algorithm to "extract" the message qubits and the
check qubits. Finally, by verifying the correctness of the check qubits, the receiver
can verify whether or not the message qubits are indeed from the legitimate
participant and are without eavesdropping or modifications from an outsider.

Figure 2: The procedure of QSAC.

A. QSAC encoding: 

The following steps demonstrate the encoding of the proposed QSAC. The inputs are the
secret message qubits $|M\rangle$ of length $m$ and the key $K$ of length $k$ bits
shared between the sender and the receiver.



Step1 Extend the key $K$ to $K_Q$ and $K_T$ via an extension function, which can be
designed like the key scheduling in DES or AES. The lengths of $K_Q$ and $K_T$
will be understood in the following description.

Step2 Transform $K_Q$ to a quadratic string $S_Q$ of length $n$, where every element
of $S_Q$ is in {0,1,2,3} and $n$ is the security parameter that determines the
number of check qubits. Then, a sequence of check qubits
$|C\rangle = |S_Q^1\rangle \otimes |S_Q^2\rangle \otimes \cdots \otimes |S_Q^n\rangle$
can be generated according to $S_Q$. The elements {0,1,2,3} of $S_Q$ represent
the states $\{|0\rangle, |1\rangle, |+\rangle, |-\rangle\}$ of check qubits,
respectively. That is, if the element in $S_Q$ is "0", then the state
"$|0\rangle$" is produced, and so on. For example, if $S_Q$ is "012130", then the
check qubits should be "$|0\rangle|1\rangle|+\rangle|1\rangle|-\rangle|0\rangle$".



Step3 Attach the message qubits to the check qubits as
$|\psi\rangle_{n+m} = |C\rangle_n \otimes |M\rangle_m$.

Step4 Transform $K_T$ to a digit string $S_T$ of length $(n+m)$, where every element
of $S_T$ is in $\{1,2,3,\cdots,m+n\}$. Perform CNOT operations among the qubits
of $|\psi\rangle_{n+m}$ according to $S_T$. That is, the index of an element in
$S_T$ represents the index of the control qubit in $|\psi\rangle_{n+m}$ and the
corresponding value of that element in $S_T$ is the index of the target qubit in
$|\psi\rangle_{n+m}$. In other words, the CNOT operation is performed on the
$i$-th qubit in $|\psi\rangle_{n+m}$ as the control qubit and the $S_T^i$-th
qubit in $|\psi\rangle_{n+m}$ as the target qubit. For example, if $S_T = 3412$,
then the sender first performs $CNOT(|\psi\rangle^1, |\psi\rangle^3)$, then
computes $CNOT(|\psi\rangle^2, |\psi\rangle^4)$, and so on.
Operation

$CNOT(|\psi\rangle^1, |\psi\rangle^3)$

$CNOT(|\psi\rangle^2, |\psi\rangle^4)$

$CNOT(|\psi\rangle^3, |\psi\rangle^1)$

$CNOT(|\psi\rangle^4, |\psi\rangle^2)$

Table 1: Example of Step4 in QSAC

B. QSAC decoding: 



After the execution of Step4, the message qubits and the check qubits are strongly
entangled with each other. The verification process is mainly the inversion of the
QSAC algorithm. The inputs to the decoding function are the received QSAC codeword as
well as the shared key $K$. The following steps demonstrate the details of the
verification algorithm.

Step1 The same as Step1 in the encoding algorithm: the receiver first produces the
sub-keys $K_Q$ and $K_T$ from $K$. Because of the pre-shared key $K$, the sender
and the receiver should have the same sub-keys $K_Q$ and $K_T$.

Step2 Similar to Step4 in the encoding algorithm: the receiver performs the inversion
of the encoding function to extract the message qubits as well as the check
qubits from the QSAC codeword and $K$. The receiver transforms $K_T$ to a digit
string $S_T$ of length $(n+m)$, where every element of $S_T$ is in
$\{1,2,3,\cdots,m+n\}$. The index of $S_T$ represents the index of the control
qubit in $|\psi\rangle_{n+m}$ and the corresponding value of the element in $S_T$
is the index of the target qubit in $|\psi\rangle_{n+m}$. It should be noted here
that in the QSAC decoding, the order in which the CNOT operations are performed
is the reverse of that in the QSAC encoding. For the same example, if
$S_T = 3412$, then the receiver first performs
$CNOT(|\psi\rangle^4, |\psi\rangle^2)$, then
$CNOT(|\psi\rangle^3, |\psi\rangle^1)$, and so on.
Operation

$CNOT(|\psi\rangle^4, |\psi\rangle^2)$

$CNOT(|\psi\rangle^3, |\psi\rangle^1)$

$CNOT(|\psi\rangle^2, |\psi\rangle^4)$

$CNOT(|\psi\rangle^1, |\psi\rangle^3)$

Table 2: Example of Step2 in verification



Step3 Transform $K_Q$ to a quadratic string $S_Q$ of length $n$, where every element
of $S_Q$ is in {0,1,2,3}. With $S_Q$, the receiver knows the original states of
the check qubits the sender prepared. Consequently, the receiver measures the
check qubits extracted from the QSAC codeword with the corresponding bases. That
is, if the element of $S_Q$ is equal to 0 or 1, then the Z-basis is used;
otherwise the X-basis is used.

Step4 If the measurement result of the check qubits in $S_Q$ is the same as the
measurement result of the check qubits recovered from the QSAC codeword, then
the secret message qubits are authenticated.
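
The Step4 encoding and the reverse-order decoding for the text's $S_T = 3412$, as an added example that is not the authors' code: a small pure-Python state-vector simulation with two check qubits and two message qubits. The values S_Q = "02", the message qubits |1>|->, the single-qubit X/Z interference and all function names are constructed for illustration.

```python
import math
from itertools import product

R = 1 / math.sqrt(2)
# Step2 alphabet of S_Q: 0 -> |0>, 1 -> |1>, 2 -> |+>, 3 -> |->
STATE = {"0": (1.0, 0.0), "1": (0.0, 1.0), "2": (R, R), "3": (R, -R)}

def product_state(symbols):
    """State vector {bit tuple: amplitude} of the product state named by symbols."""
    vec = {}
    for bits in product((0, 1), repeat=len(symbols)):
        amp = math.prod(STATE[s][b] for s, b in zip(symbols, bits))
        if amp:
            vec[bits] = amp
    return vec

def cnot(vec, control, target):
    """CNOT on 1-based qubit indices; identity when control == target (Sec. 2.1)."""
    if control == target:
        return dict(vec)
    def moved(b):
        return b[:target - 1] + (b[target - 1] ^ b[control - 1],) + b[target:]
    return {moved(bits): amp for bits, amp in vec.items()}

def encode(check, message, s_t):
    vec = product_state(check + message)          # Step3: |C> tensor |M>
    for c, t in enumerate(s_t, start=1):          # Step4: qubit i controls qubit S_T[i]
        vec = cnot(vec, c, t)
    return vec

def decode(vec, s_t):
    for c, t in reversed(list(enumerate(s_t, start=1))):  # same gates, reverse order
        vec = cnot(vec, c, t)
    return vec

def tamper(vec, qubit, kind):
    """Constructed single-qubit interference: 'X' bit flip or 'Z' phase flip."""
    q = qubit - 1
    if kind == "X":
        return {b[:q] + (b[q] ^ 1,) + b[q + 1:]: a for b, a in vec.items()}
    return {b: (-a if b[q] else a) for b, a in vec.items()}

def pass_probability(vec, check):
    """Probability that all recovered check qubits measure as S_Q predicts."""
    n, expected = len(check), product_state(check)
    proj = {}                                     # <C| applied to the check qubits
    for bits, amp in vec.items():                 # amplitudes here are all real
        proj[bits[n:]] = proj.get(bits[n:], 0.0) + expected.get(bits[:n], 0.0) * amp
    return sum(a * a for a in proj.values())

# Constructed inputs: S_Q = "02", message qubits |1>|->, S_T = 3412 as in the text.
CHECK, MESSAGE, S_T = "02", "13", [3, 4, 1, 2]
```

With $S_T = 3412$ the gates couple only the qubit pairs (1,3) and (2,4), so a flip here spreads to at most one other qubit; other $S_T$ strings can be passed to the same functions to see how the spread changes.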



2.4 Security analysis and discussions 

This section analyzes the features of the proposed QSAC including: (1) the integrity of 
the secret message qubits, and (2) the originality of the secret message qubits. 

The secret message integrity ensures that the received message qubits are not
eavesdropped and modified during the time of transmission in an open quantum channel.
Conversely, if the message qubits are eavesdropped or modified, then with a high
probability the receiver can detect the interference. To analyze the integrity, let
us denote the message qubits to be transmitted as $|M\rangle$, the check qubits
created from the key, $K$, as $|C\rangle$, and the QSAC codeword state after
executing the QSAC encoding algorithm as $|\psi\rangle$. Assume the QSAC codeword
state, $|\psi\rangle$, was modified by a malicious user into another state
$|\psi'\rangle$. Upon receiving $|\psi'\rangle$, the receiver executes the
verification function and recovers the state to $|\psi''\rangle$. If
$|\psi''\rangle \neq |\psi\rangle$, then the only situations in which the
modification passes the verification process are: (a) a collision occurs, which means
that the check qubits $|C''\rangle$ extracted from the recovered state are the same
as the check qubits $|C\rangle$ produced from $K$, or (b)
$|C''\rangle \neq |C\rangle$, but their measurement results are the same.

Assume that the probability for situation (a) to occur is $p_{(a)}$. Hence, the
probability for situation (b) to occur is $(1 - p_{(a)}) \times \varepsilon$, where
$\varepsilon$ is the probability for $|C''\rangle$ to have the same measurement
result as $|C\rangle$ when $|C''\rangle \neq |C\rangle$. Therefore, the total
probability for the modification to pass the verification process when
$|\psi''\rangle \neq |\psi\rangle$ is:

$$p_{pass} = p_{(a)} + (1 - p_{(a)}) \times \varepsilon$$

where

$$p_{(a)} = \frac{|\text{message space}|}{|\text{codeword space}|}$$

It is noted that if the length of the check qubits is large enough, then $p_{(a)}$
could approach zero. The $p_{pass}$ thus is equal to $\varepsilon$. Since
$\varepsilon$ is the probability for $|C''\rangle$ to have the same measurement
result as $|C\rangle$, where $|C''\rangle \neq |C\rangle$, $\varepsilon$ could be
expressed as: $\varepsilon = |\langle C|C''\rangle|^2$. Let us assume that only one
single qubit (e.g., the $i$-th check qubit) was modified. As an example, if
$|C\rangle^i = |0\rangle$, then $|C''\rangle^i$ could be $|1\rangle$, $|+\rangle$ or
$|-\rangle$. Similarly, if $|C\rangle^i = |1\rangle$, then
$|C''\rangle^i = |0\rangle, |+\rangle, |-\rangle$, and so on. In any case,
$\varepsilon = \frac{1}{3}\left(|\langle 0|1\rangle|^2 + |\langle 0|+\rangle|^2 + |\langle 0|-\rangle|^2\right) = \frac{1}{3}$.
Hence if $j$ check qubits are modified, then
$\varepsilon = \left(\frac{1}{3}\right)^j$. If the length, $n$, of the check qubits
is large enough, then due to the avalanche effect,
$\varepsilon = \left(\frac{1}{3}\right)^{n/2} \to 0$.

The message originality means that the receiver can verify whether the message is
sent from the participant whom he/she claimed to be. To impersonate the sender, an
eavesdropper must input a guessed key $K'$ to the QSAC encoding algorithm to generate
a codeword. If $K' \neq K$, then the situation for that codeword to pass the
verification process is exactly the same as the one described above, whose
possibility, $p_{pass}$, can be ignored.

Note that the main difference between the random sampling discussion and the QSAC is
in the basic assumption for eavesdropper detection. The former assumes that the
number of check qubits "altered" by an eavesdropper should be large enough, whereas
the latter (QSAC) assumes that the number of check qubits "set" by the designer is
large enough. Hence, for an eavesdropper to be detected with a high probability in
the random sampling discussion, both the number of check qubits and the number of
check qubits altered by the eavesdropper should be large enough. Conversely, due to
the design of an avalanche effect in the QSAC, a higher eavesdropper detection rate
requires only a large enough number of check qubits in the QSAC.

Furthermore, to make an eavesdropper inadvertently alter enough check qubits in the
random sampling approach, the positions of those check qubits should be unknown to
the eavesdropper before these check qubits are received by the receiver. Then, the
sender and the receiver have to communicate back and forth over an authenticated
channel later to discuss the states, positions, and measurement results of these
check qubits to judge the existence of an eavesdropper. On the other hand, in the
QSAC, these overheads can be removed altogether. The communication between the sender
and the receiver can be simplified to just a one-way communication.

3 Applications 

To illustrate the usefulness of the proposed QSAC, a quantum secure direct
communication with authentication based on Deng's two-step QSDC [2] is demonstrated.
Instead of assuming the existence of authenticated classical channels, we assume that
the sender and the receiver pre-share a secret key $K$ via some secure means.

Step 1 The sender prepares a sequence of EPR states in The sender encodes 
his/her classical secret message into message qubits by performing one
of the four operations $\{I, \sigma_x, \sigma_z, i\sigma_y\}$ on the EPR state,
which represent the two-bit classical information {00,01,10,11}, respectively.
Subsequently, the sender encodes the message qubits to a QSAC codeword, and
then sends it to the receiver.

Step 2 Upon receiving the QSAC codeword, the receiver decodes the QSAC codeword and
verifies the correctness of the recovered check qubits. If the codeword is
authenticated, then the receiver performs Bell measurement on the EPR state to
recover the secret message; otherwise they abort the communication.

In the original two-step protocol in [2], the EPR pairs should be transmitted
separately in two steps in order to protect the security of the message. Furthermore,
the sender and the receiver have to perform public discussions via an authenticated
classical channel to detect the existence of eavesdroppers. However, with the design
of the QSAC, these can be done within one step and without any tedious public
discussion to detect the existence of an eavesdropper.

4 Conclusions 

Using the inherent characteristic of quantum states of being very susceptible to
eavesdropping, this paper proposes a QSAC to protect a quantum state sequence from
being eavesdropped or modified arbitrarily. As compared to the conventionally used
strategy, the random sample discussion, the QSAC provides efficiency in quantum
sequence communication as well as ease in the design of quantum cryptographic
protocols. The assumption of the existence of authenticated classical channels in
almost all existing quantum cryptographic protocols can be removed. Instead, a secret
key is assumed to be shared between a sender and a receiver, which is a more common
and practical assumption in modern cryptography. A QSAC-based QSDC is designed to
demonstrate the usefulness of the proposed QSAC in the design of various quantum
cryptographic protocols. On one hand, the strongly self-entangled QSAC codeword is
very difficult to forge or interfere with without detection. On the other hand, it is
quite susceptible to noise in a quantum channel. Therefore, how to design a QSAC that
is robust under a noisy and lossy quantum channel would be a very interesting topic
for future research.